INFORMATION SECURITY 
• It is a prime concern for all organizations that use computer-based information systems, as the potential for information security breaches is much higher in these than in manual ones.
• It relates to the protection of assets against loss, damage, or disclosure of information.
• The basic objective of IS is the protection of the interests of those who rely on information from harm resulting from the failure of availability, confidentiality and integrity.
• The IS objective is met when:
– Information systems are available and usable whenever required (availability objective)
– Information is disclosed only to those who have the right to know it (confidentiality objective)
– Information is protected against unauthorized modification (integrity objective)
PRINCIPLES OF IS 
1. Accountability principle 
2. Awareness principle 
3. Multidisciplinary principle 
4. Integration principle 
5. Timeliness principle 
6. Reassessment principle 
7. Cost-effective principle 
8. Societal principle
1. Accountability principle: following issues should be 
considered: 
• Specification of ownership of data and information 
• Identification of users who access the system in a 
unique way 
• Assignment of responsibility for maintenance of data 
and information 
• Institution of investigative and other remedial 
procedures when a breach or an attempted breach of 
information security occurs.
2. Awareness principle: following issues should be 
considered: 
• Levels of details disclosed should be consistent with 
information security requirements 
• Appropriate knowledge should be available to all parties 
concerned 
• Information security is not a one-shot action but an on-going process, so that it becomes part of the organizational culture
• Security awareness, being an on-going process, is applicable to all employees, whether old or new recruits
3. Multidisciplinary principle: issues to be tackled in this context are:
• Business value of the information being protected 
• Technology that is available to meet information security requirements
• Impact of organizational and technological changes 
• Requirements of legal and industry norms 
• Requirements of managing advanced technology for 
information security
4. Integration principle: the issues that should be 
addressed are: 
• Information security policy and administration to be 
included as integral part of the overall management of 
the organization 
• Information development and information security to be 
consistent with each other
5. Timeliness principle: The issues that should be taken care of are:
• Instantaneous and irrevocable nature of business 
transactions 
• Volume of information generated from the 
increasingly interconnected and complex information 
systems 
• Automated tools to support real-time monitoring 
• Expediency of reporting security breaches to the appropriate decision-making level
6. Reassessment principle: The issues that should be taken care of are:
• Increase in upgradation of information systems according to business needs
• Changes in information systems and their infrastructure
• New threats that emerge over time, requiring extra safeguards
• New information security technology that has emerged or is emerging
7. Cost-effective principle: The issues that should be taken care of are:
• Value to and dependence of the organization on a particular information asset
• The amount of security and confidentiality required
• The nature of threats that exist
• Costs and benefits of security
• Optimum level beyond which the costs of security measures become prohibitive
8. Societal principle: The issues that should be taken care of are:
• Fair presentation of data and information to 
legitimate users 
• Ethical use and disclosure of information obtained 
from others
APPROACHES 
• Preventive information protection approach 
• Restorative information protection approach 
• Holistic information protection approach
IMPLEMENTATION OF IS 
1. DEVELOPMENT OF SECURITY POLICIES 
2. PRESCRIBING ROLES AND RESPONSIBILITIES 
3. DESIGNING SECURITY MEASURES 
4. EDUCATING EMPLOYEES 
5. IMPLEMENTATION 
6. MONITORING
1. DEVELOPMENT OF SECURITY POLICIES
• A policy is the statement or general understanding which provides 
guidelines in decision making to members of an organization in 
respect to any course of action 
• While designing such policies the core principles of IS should be 
kept in mind so that sound policies are developed 
• It should cover the following aspects: 
• The importance and need of IS in the organization 
• Statement for the chief executive of the organization in support of the objectives of effective IS
• Data security 
• Communication security/ Personnel security 
• Description of responsibility and accountability for IS 
• Physical, logical and environment security 
• Security awareness, education and training
• Security breaches, detection and reporting requirements 
2. PRESCRIBING ROLES AND RESPONSIBILITIES 
• Chief information executive: has overall responsibility of 
developing and operating information systems including security 
• Information security administrator: has overall responsibility for information security
• Other professionals: responsible for security measures in their respective areas
• Data owners: responsible for ensuring that appropriate security, consistent with organizational policies, is embedded in the information systems
• Technology providers: responsible for assisting in implementation of IS
• Users- responsible for adhering to procedures prescribed for IS
3. DESIGNING SECURITY MEASURES
• It includes prescribing of standards, procedures, methods, and 
practices in respect of IS. 
• While designing security measures, the security requirements of individual information systems should be taken into account, as different information systems have different security requirements.
4. EDUCATING EMPLOYEES 
• Technical training 
• Behavioral training 
5. IMPLEMENTATION 
• Managerial control 
• Identification and authentication controls 
• Logical access controls 
• Accountability controls 
• Cryptographic controls
• Computer operations control 
• Physical and environmental controls 
6. MONITORING 
Issues that need to be addressed in achieving effective 
monitoring include: 
• Appointment of an appropriate person, possibly the information security administrator, with appropriate authority to work and adequate tools and resources to control
• Establishment of clear investigating procedures 
• Information system audit by external auditors 
• Establishment of audit trail information from a large number of 
systems that may need to be examined.
SOURCES OF THREATS TO IS 
• INTERNAL SOURCES 
• EXTERNAL SOURCES
INTERNET FRAUDS 
Hacking 
Protection against hacking: 
• Checking system security 
• Use of firewalls 
• Data encryption 
Viruses 
Protection against Viruses 
• Use of antivirus 
• Procurement of software from reliable sources 
• Testing new applications on stand-alone systems
Measures against computer frauds
• Detection of frauds 
• Disk imaging and analysis technique: 
– Imaging hard disk 
– Recovering deleted files 
– Analysis of the processed image 
• Actions after detection of frauds
Prevention of computer frauds 
• Making it difficult to commit fraud
– Applying strong controls 
– Rotating jobs 
– Controlling sensitive data 
– Controlling laptop computers 
– Applying harsh punishment measures 
• Improving fraud detection methods 
– Use of fraud detection software 
– Use of computer security officer 
– Monitoring system activities 
– Conducting system audit

More Related Content

What's hot

Information security-management-system
Information security-management-systemInformation security-management-system
Information security-management-systemintellisenseit
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Compliance poster
Compliance posterCompliance poster
Compliance posterRui Gomes
 
Information Security Identity and Access Management Administration 07072016
Information Security   Identity and Access Management Administration 07072016Information Security   Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Leon Blum
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
CISSP Certification-Asset Security
CISSP Certification-Asset SecurityCISSP Certification-Asset Security
CISSP Certification-Asset SecurityHamed Moghaddam
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.IGN MANTRA
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
ISO_27001___2005_OASIS
ISO_27001___2005_OASISISO_27001___2005_OASIS
ISO_27001___2005_OASISDermot Clarke
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?ESET
 

What's hot (19)

Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information security-management-system
Information security-management-systemInformation security-management-system
Information security-management-system
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Ch.5 rq (1)
Ch.5 rq (1)Ch.5 rq (1)
Ch.5 rq (1)
 
Compliance poster
Compliance posterCompliance poster
Compliance poster
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Information Security Identity and Access Management Administration 07072016
Information Security   Identity and Access Management Administration 07072016Information Security   Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016
 
Information security
Information securityInformation security
Information security
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
CISSP Certification-Asset Security
CISSP Certification-Asset SecurityCISSP Certification-Asset Security
CISSP Certification-Asset Security
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
ISO_27001___2005_OASIS
ISO_27001___2005_OASISISO_27001___2005_OASIS
ISO_27001___2005_OASIS
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
 
Information Security
Information Security Information Security
Information Security
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
 

Similar to Information security

chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxShreeveni
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...acemindia
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security BlueprintZefren Edior
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfAbuHanifah59
 
Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Martin Lawrence
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practiceZoneFox
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptxStevenTharp2
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointbradleyl2
 

Similar to Information security (20)

chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
 
12 security policies
12 security policies12 security policies
12 security policies
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
Security Management in Cloud Computing by Shivani Gogia - Aravali College of ...
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
 
Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
ANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdfANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdf
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptx
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power point
 

More from Praveen Minz

Types of Information System
Types of Information SystemTypes of Information System
Types of Information SystemPraveen Minz
 
System development
System developmentSystem development
System developmentPraveen Minz
 
Management Information System
Management Information SystemManagement Information System
Management Information SystemPraveen Minz
 
Electronic commerce
Electronic commerceElectronic commerce
Electronic commercePraveen Minz
 
Business Process Re-engineering
Business Process Re-engineeringBusiness Process Re-engineering
Business Process Re-engineeringPraveen Minz
 
Research Methodology report writing
  Research Methodology report writing  Research Methodology report writing
Research Methodology report writingPraveen Minz
 
Research Methodology anova
  Research Methodology anova  Research Methodology anova
Research Methodology anovaPraveen Minz
 
Research Methodology chi square test
 Research Methodology chi square test Research Methodology chi square test
Research Methodology chi square testPraveen Minz
 
Data collection methodology
Data collection methodologyData collection methodology
Data collection methodologyPraveen Minz
 
Sampling and measurement
Sampling and measurementSampling and measurement
Sampling and measurementPraveen Minz
 
Identification of research problem
Identification of research problemIdentification of research problem
Identification of research problemPraveen Minz
 
Introduction to research methodology
  Introduction to research methodology  Introduction to research methodology
Introduction to research methodologyPraveen Minz
 
Dell suply chain mgmt
Dell suply chain mgmtDell suply chain mgmt
Dell suply chain mgmtPraveen Minz
 

More from Praveen Minz (17)

Types of Information System
Types of Information SystemTypes of Information System
Types of Information System
 
System development
System developmentSystem development
System development
 
Management Information System
Management Information SystemManagement Information System
Management Information System
 
Info systems
Info systemsInfo systems
Info systems
 
Electronic commerce
Electronic commerceElectronic commerce
Electronic commerce
 
Decision making
Decision makingDecision making
Decision making
 
Database
DatabaseDatabase
Database
 
Business Process Re-engineering
Business Process Re-engineeringBusiness Process Re-engineering
Business Process Re-engineering
 
Research Methodology report writing
  Research Methodology report writing  Research Methodology report writing
Research Methodology report writing
 
Research Methodology anova
  Research Methodology anova  Research Methodology anova
Research Methodology anova
 
Research Methodology chi square test
 Research Methodology chi square test Research Methodology chi square test
Research Methodology chi square test
 
Data collection methodology
Data collection methodologyData collection methodology
Data collection methodology
 
Sampling and measurement
Sampling and measurementSampling and measurement
Sampling and measurement
 
Identification of research problem
Identification of research problemIdentification of research problem
Identification of research problem
 
Introduction to research methodology
  Introduction to research methodology  Introduction to research methodology
Introduction to research methodology
 
Dell suply chain mgmt
Dell suply chain mgmtDell suply chain mgmt
Dell suply chain mgmt
 
Apple vs. dell
Apple vs. dellApple vs. dell
Apple vs. dell
 

Recently uploaded

Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 

Recently uploaded (20)

Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf

Information security

  • 1. INFORMATION SECURITY
      • It is a prime concern for all organizations that use computer-based information systems, as the potential for information security breaches is much higher in these than in manual ones.
      • It relates to the protection of assets against loss, damage, or disclosure of information.
      • The basic objective of IS is to protect the interests of those who rely on information from harm resulting from failures of availability, confidentiality and integrity.
      • The IS objective is met when:
          – Information systems are available and usable whenever required (availability objective)
          – Information is disclosed only to those who have the right to know it (confidentiality objective)
          – Information is protected against unauthorized modification (integrity objective)
  • 2. PRINCIPLES OF IS
      1. Accountability principle
      2. Awareness principle
      3. Multidisciplinary principle
      4. Integration principle
      5. Timeliness principle
      6. Reassessment principle
      7. Cost-effective principle
      8. Societal principle
  • 3. 1. Accountability principle: the following issues should be considered:
      • Specification of ownership of data and information
      • Identification of users who access the system in a unique way
      • Assignment of responsibility for maintenance of data and information
      • Institution of investigative and other remedial procedures when a breach or an attempted breach of information security occurs
  • 4. 2. Awareness principle: the following issues should be considered:
      • Levels of detail disclosed should be consistent with information security requirements
      • Appropriate knowledge should be available to all parties concerned
      • Information security is not a one-shot action but an ongoing process, so that it becomes part of the organizational culture
      • Security awareness, being an ongoing process, is applicable to all employees, whether old or new recruits
  • 5. 3. Multidisciplinary principle: the issues to be tackled in this context are:
      • Business value of the information being protected
      • Technology that is available to meet information security needs
      • Impact of organizational and technological changes
      • Requirements of legal and industry norms
      • Requirements of managing advanced technology for information security
  • 6. 4. Integration principle: the issues that should be addressed are:
      • Information security policy and administration to be included as an integral part of the overall management of the organization
      • Information development and information security to be consistent with each other
  • 7. 5. Timeliness principle: the issues that should be taken care of are:
      • Instantaneous and irrevocable nature of business transactions
      • Volume of information generated from increasingly interconnected and complex information systems
      • Automated tools to support real-time monitoring
      • Expediency of reporting security breaches to the appropriate decision-making level
  • 8. 6. Reassessment principle: the issues that should be taken care of are:
      • Increase in upgradation of information systems according to business needs
      • Changes in information systems and their infrastructure
      • New threats that emerge over time, requiring extra safeguards
      • New information security technology that has emerged or is emerging
  • 9. 7. Cost-effective principle: the issues that should be taken care of are:
      • Value to, and dependence of, the organization on a particular information asset
      • The amount of security and confidentiality required
      • The nature of the threats that exist
      • Costs and benefits of security
      • Optimum level beyond which the costs of security measures become prohibitive
  • 10. 8. Societal principle: the issues that should be taken care of are:
      • Fair presentation of data and information to legitimate users
      • Ethical use and disclosure of information obtained from others
  • 11. APPROACHES
      • Preventive information protection approach
      • Restorative information protection approach
      • Holistic information protection approach
  • 12. IMPLEMENTATION OF IS
      1. DEVELOPMENT OF SECURITY POLICIES
      2. PRESCRIBING ROLES AND RESPONSIBILITIES
      3. DESIGNING SECURITY MEASURES
      4. EDUCATING EMPLOYEES
      5. IMPLEMENTATION
      6. MONITORING
  • 13. DEVELOPMENT OF SECURITY POLICIES
      • A policy is a statement or general understanding that provides guidelines for decision making to members of an organization with respect to any course of action
      • While designing such policies, the core principles of IS should be kept in mind so that sound policies are developed
      • It should cover the following aspects:
          – The importance and need of IS in the organization
          – Statement for the chief executive of the organization in support of the objectives of effective IS
          – Data security
          – Communication security / personnel security
          – Description of responsibility and accountability for IS
          – Physical, logical and environment security
          – Security awareness, education and training
  • 14. Contd.
          – Security breaches, detection and reporting requirements
    2. PRESCRIBING ROLES AND RESPONSIBILITIES
      • Chief information executive: has overall responsibility for developing and operating information systems, including security
      • Information security administrator: has overall responsibility for information security
      • Other professionals: responsible for security measures in their respective areas
      • Data owners: responsible for ensuring that appropriate security, consistent with organizational policies, is embedded in the information systems
      • Technology providers: responsible for assisting in the implementation of IS
      • Users: responsible for adhering to the procedures prescribed for IS
  • 15. 3. REDESIGNING SECURITY MEASURES
      • It includes prescribing standards, procedures, methods, and practices in respect of IS.
      • While designing security measures, the security requirements of individual information systems should be taken into account, as different information systems have different security requirements.
    4. EDUCATING EMPLOYEES
      • Technical training
      • Behavioral training
    5. IMPLEMENTATION
      • Managerial control
      • Identification and authentication controls
      • Logical access controls
      • Accountability controls
      • Cryptographic controls
  • 16. Contd.
      • Computer operations control
      • Physical and environmental controls
    6. MONITORING
    Issues that need to be addressed in achieving effective monitoring include:
      • Appointment of an appropriate person, possibly the information security administrator, with appropriate authority to work and adequate tools and resources to control
      • Establishment of clear investigating procedures
      • Information system audit by external auditors
      • Establishment of audit trail information from a large number of systems that may need to be examined
  • 17. SOURCES OF THREATS TO IS
      • INTERNAL SOURCES
      • EXTERNAL SOURCES
  • 18. INTERNET FRAUDS
    Hacking
    Protection against hacking:
      • Checking system security
      • Use of firewalls
      • Data encryption
    Viruses
    Protection against viruses:
      • Use of antivirus
      • Procurement of software from reliable sources
      • Testing new applications on stand-alone systems
  • 19. Measures against computer frauds
      • Detection of frauds
      • Disk imaging and analysis technique:
          – Imaging hard disk
          – Recovering deleted files
          – Analysis of the processed image
      • Actions after detection of frauds
  • 20. Prevention of computer frauds
      • Making fraud difficult to commit
          – Applying strong controls
          – Rotating jobs
          – Controlling sensitive data
          – Controlling laptop computers
          – Applying harsh punishment measures
      • Improving fraud detection methods
          – Use of fraud detection software
          – Use of computer security officer
          – Monitoring system activities
          – Conducting system audit